mirror of
https://github.com/pomerium/pomerium.git
synced 2025-06-23 04:58:18 +02:00
777b3b12d2
## Summary Fixes to MCP code registration and token requests. 1. ease some requirements on fields that are RECOMMENDED 2. fill in defaults 3. store both request and response in the client registration 4. check client secret in the /token request ## Related issues - Fixes https://linear.app/pomerium/issue/ENG-2462/mcp-ignore-unknown-grant-types-in-the-client-registration - Fixes https://linear.app/pomerium/issue/ENG-2461/mcp-support-client-secret-in-dynamic-client-registration ## User Explanation <!-- How would you explain this change to the user? If this change doesn't create any user-facing changes, you can leave this blank. If filled out, add the `docs` label --> ## Checklist - [x] reference any related issues - [x] updated unit tests - [x] add appropriate label (`enhancement`, `bug`, `breaking`, `dependencies`, `ci`) - [ ] ready for review
252 lines
11 KiB
Go
252 lines
11 KiB
Go
// Code generated by protoc-gen-go. DO NOT EDIT.
|
|
// versions:
|
|
// protoc-gen-go v1.36.5
|
|
// protoc (unknown)
|
|
// source: authorization_request.proto
|
|
|
|
package gen
|
|
|
|
import (
|
|
_ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate"
|
|
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
|
|
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
|
|
reflect "reflect"
|
|
sync "sync"
|
|
unsafe "unsafe"
|
|
)
|
|
|
|
const (
|
|
// Verify that this generated code is sufficiently up-to-date.
|
|
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
|
|
// Verify that runtime/protoimpl is sufficiently up-to-date.
|
|
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
|
)
|
|
|
|
// modeled based on
|
|
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-4.1.1
|
|
type AuthorizationRequest struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
// The client identifier as described in Section 2.2.
|
|
ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
|
|
// OPTIONAL if only one redirect URI is registered for this client. REQUIRED
|
|
// if multiple redirict URIs are registered for this client.
|
|
RedirectUri *string `protobuf:"bytes,2,opt,name=redirect_uri,json=redirectUri,proto3,oneof" json:"redirect_uri,omitempty"`
|
|
// REQUIRED. The authorization endpoint supports different sets of request and
|
|
// response parameters. The client determines the type of flow by using a
|
|
// certain response_type value. This specification defines the value code,
|
|
// which must be used to signal that the client wants to use the authorization
|
|
// code flow.
|
|
ResponseType string `protobuf:"bytes,3,opt,name=response_type,json=responseType,proto3" json:"response_type,omitempty"`
|
|
// OPTIONAL. An opaque value used by the client to maintain state between the
|
|
// request and callback. The authorization server includes this value when
|
|
// redirecting the user agent back to the client.
|
|
State *string `protobuf:"bytes,4,opt,name=state,proto3,oneof" json:"state,omitempty"`
|
|
// OPTIONAL. The scope of the access request as described by Section 1.4.1.
|
|
Scopes []string `protobuf:"bytes,5,rep,name=scopes,proto3" json:"scopes,omitempty"`
|
|
// REQUIRED or RECOMMENDED, assumes https://www.rfc-editor.org/rfc/rfc7636.html#section-4.1
|
|
// subject to whether the client is public or confidential.
|
|
CodeChallenge *string `protobuf:"bytes,6,opt,name=code_challenge,json=codeChallenge,proto3,oneof" json:"code_challenge,omitempty"`
|
|
// OPTIONAL, defaults to plain if not present in the request. Code verifier
|
|
// transformation method is S256 or plain.
|
|
CodeChallengeMethod *string `protobuf:"bytes,7,opt,name=code_challenge_method,json=codeChallengeMethod,proto3,oneof" json:"code_challenge_method,omitempty"`
|
|
// session this authorization request is associated with.
|
|
// This is a Pomerium implementation specific field.
|
|
SessionId string `protobuf:"bytes,8,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
|
|
// user id this authorization request is associated with.
|
|
// This is a Pomerium implementation specific field.
|
|
UserId string `protobuf:"bytes,9,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *AuthorizationRequest) Reset() {
|
|
*x = AuthorizationRequest{}
|
|
mi := &file_authorization_request_proto_msgTypes[0]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *AuthorizationRequest) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*AuthorizationRequest) ProtoMessage() {}
|
|
|
|
func (x *AuthorizationRequest) ProtoReflect() protoreflect.Message {
|
|
mi := &file_authorization_request_proto_msgTypes[0]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use AuthorizationRequest.ProtoReflect.Descriptor instead.
|
|
func (*AuthorizationRequest) Descriptor() ([]byte, []int) {
|
|
return file_authorization_request_proto_rawDescGZIP(), []int{0}
|
|
}
|
|
|
|
func (x *AuthorizationRequest) GetClientId() string {
|
|
if x != nil {
|
|
return x.ClientId
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthorizationRequest) GetRedirectUri() string {
|
|
if x != nil && x.RedirectUri != nil {
|
|
return *x.RedirectUri
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthorizationRequest) GetResponseType() string {
|
|
if x != nil {
|
|
return x.ResponseType
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthorizationRequest) GetState() string {
|
|
if x != nil && x.State != nil {
|
|
return *x.State
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthorizationRequest) GetScopes() []string {
|
|
if x != nil {
|
|
return x.Scopes
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *AuthorizationRequest) GetCodeChallenge() string {
|
|
if x != nil && x.CodeChallenge != nil {
|
|
return *x.CodeChallenge
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthorizationRequest) GetCodeChallengeMethod() string {
|
|
if x != nil && x.CodeChallengeMethod != nil {
|
|
return *x.CodeChallengeMethod
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthorizationRequest) GetSessionId() string {
|
|
if x != nil {
|
|
return x.SessionId
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *AuthorizationRequest) GetUserId() string {
|
|
if x != nil {
|
|
return x.UserId
|
|
}
|
|
return ""
|
|
}
|
|
|
|
var File_authorization_request_proto protoreflect.FileDescriptor
|
|
|
|
var file_authorization_request_proto_rawDesc = string([]byte{
|
|
0x0a, 0x1b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
|
|
0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x07, 0x6f,
|
|
0x61, 0x75, 0x74, 0x68, 0x32, 0x31, 0x1a, 0x1b, 0x62, 0x75, 0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69,
|
|
0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72,
|
|
0x6f, 0x74, 0x6f, 0x22, 0xe0, 0x03, 0x0a, 0x14, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
|
|
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x23, 0x0a, 0x09,
|
|
0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42,
|
|
0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49,
|
|
0x64, 0x12, 0x26, 0x0a, 0x0c, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x72,
|
|
0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x72, 0x65, 0x64, 0x69, 0x72,
|
|
0x65, 0x63, 0x74, 0x55, 0x72, 0x69, 0x88, 0x01, 0x01, 0x12, 0x33, 0x0a, 0x0d, 0x72, 0x65, 0x73,
|
|
0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
|
|
0x42, 0x0e, 0xba, 0x48, 0x0b, 0xc8, 0x01, 0x01, 0x72, 0x06, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65,
|
|
0x52, 0x0c, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19,
|
|
0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x01, 0x52,
|
|
0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x88, 0x01, 0x01, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x6f,
|
|
0x70, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65,
|
|
0x73, 0x12, 0x36, 0x0a, 0x0e, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65,
|
|
0x6e, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05,
|
|
0x10, 0x2b, 0x18, 0x80, 0x01, 0x48, 0x02, 0x52, 0x0d, 0x63, 0x6f, 0x64, 0x65, 0x43, 0x68, 0x61,
|
|
0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x88, 0x01, 0x01, 0x12, 0x4b, 0x0a, 0x15, 0x63, 0x6f, 0x64,
|
|
0x65, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x5f, 0x6d, 0x65, 0x74, 0x68,
|
|
0x6f, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x42, 0x12, 0xba, 0x48, 0x0f, 0x72, 0x0d, 0x52,
|
|
0x04, 0x53, 0x32, 0x35, 0x36, 0x52, 0x05, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x48, 0x03, 0x52, 0x13,
|
|
0x63, 0x6f, 0x64, 0x65, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x4d, 0x65, 0x74,
|
|
0x68, 0x6f, 0x64, 0x88, 0x01, 0x01, 0x12, 0x25, 0x0a, 0x0a, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f,
|
|
0x6e, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8,
|
|
0x01, 0x01, 0x52, 0x09, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x1f, 0x0a,
|
|
0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06,
|
|
0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x06, 0x75, 0x73, 0x65, 0x72, 0x49, 0x64, 0x42, 0x0f,
|
|
0x0a, 0x0d, 0x5f, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x42,
|
|
0x08, 0x0a, 0x06, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x11, 0x0a, 0x0f, 0x5f, 0x63, 0x6f,
|
|
0x64, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x42, 0x18, 0x0a, 0x16,
|
|
0x5f, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x5f,
|
|
0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x42, 0x97, 0x01, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x2e, 0x6f,
|
|
0x61, 0x75, 0x74, 0x68, 0x32, 0x31, 0x42, 0x19, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
|
|
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x50, 0x72, 0x6f, 0x74,
|
|
0x6f, 0x50, 0x01, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
|
|
0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75,
|
|
0x6d, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x6f, 0x61, 0x75, 0x74, 0x68,
|
|
0x32, 0x31, 0x2f, 0x67, 0x65, 0x6e, 0xa2, 0x02, 0x03, 0x4f, 0x58, 0x58, 0xaa, 0x02, 0x07, 0x4f,
|
|
0x61, 0x75, 0x74, 0x68, 0x32, 0x31, 0xca, 0x02, 0x07, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x31,
|
|
0xe2, 0x02, 0x13, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65,
|
|
0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x4f, 0x61, 0x75, 0x74, 0x68, 0x32, 0x31,
|
|
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
|
})
|
|
|
|
var (
|
|
file_authorization_request_proto_rawDescOnce sync.Once
|
|
file_authorization_request_proto_rawDescData []byte
|
|
)
|
|
|
|
func file_authorization_request_proto_rawDescGZIP() []byte {
|
|
file_authorization_request_proto_rawDescOnce.Do(func() {
|
|
file_authorization_request_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_authorization_request_proto_rawDesc), len(file_authorization_request_proto_rawDesc)))
|
|
})
|
|
return file_authorization_request_proto_rawDescData
|
|
}
|
|
|
|
var file_authorization_request_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
|
|
var file_authorization_request_proto_goTypes = []any{
|
|
(*AuthorizationRequest)(nil), // 0: oauth21.AuthorizationRequest
|
|
}
|
|
var file_authorization_request_proto_depIdxs = []int32{
|
|
0, // [0:0] is the sub-list for method output_type
|
|
0, // [0:0] is the sub-list for method input_type
|
|
0, // [0:0] is the sub-list for extension type_name
|
|
0, // [0:0] is the sub-list for extension extendee
|
|
0, // [0:0] is the sub-list for field type_name
|
|
}
|
|
|
|
func init() { file_authorization_request_proto_init() }
|
|
func file_authorization_request_proto_init() {
|
|
if File_authorization_request_proto != nil {
|
|
return
|
|
}
|
|
file_authorization_request_proto_msgTypes[0].OneofWrappers = []any{}
|
|
type x struct{}
|
|
out := protoimpl.TypeBuilder{
|
|
File: protoimpl.DescBuilder{
|
|
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
|
RawDescriptor: unsafe.Slice(unsafe.StringData(file_authorization_request_proto_rawDesc), len(file_authorization_request_proto_rawDesc)),
|
|
NumEnums: 0,
|
|
NumMessages: 1,
|
|
NumExtensions: 0,
|
|
NumServices: 0,
|
|
},
|
|
GoTypes: file_authorization_request_proto_goTypes,
|
|
DependencyIndexes: file_authorization_request_proto_depIdxs,
|
|
MessageInfos: file_authorization_request_proto_msgTypes,
|
|
}.Build()
|
|
File_authorization_request_proto = out.File
|
|
file_authorization_request_proto_goTypes = nil
|
|
file_authorization_request_proto_depIdxs = nil
|
|
}
|